[v2,3/8] snapshot: Don't use extra after it's been freed (CID #220086)

Submitted by Bryce Harrington on June 13, 2018, 12:35 a.m.

Details

Message ID 1528850138-30405-4-git-send-email-bryce@bryceharrington.org
State New
Series "Coverity fixes"
Headers show

Commit Message

Bryce Harrington June 13, 2018, 12:35 a.m.
Note this changes the semantics of the value of extra_out such that it
is set to NULL instead of left undefined in case an error is returned.

Coverity ID: 220086

Signed-off-by: Bryce Harrington <bryce@bryceharrington.org>
---
 src/cairo-surface-snapshot.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Patch hide | download patch | download mbox

diff --git a/src/cairo-surface-snapshot.c b/src/cairo-surface-snapshot.c
index c8f3078..a8b8c0e 100644
--- a/src/cairo-surface-snapshot.c
+++ b/src/cairo-surface-snapshot.c
@@ -100,14 +100,17 @@  _cairo_surface_snapshot_acquire_source_image (void                    *abstract_
     cairo_status_t status;
 
     extra = _cairo_malloc (sizeof (*extra));
-    if (unlikely (extra == NULL))
+    if (unlikely (extra == NULL)) {
+	*extra_out = NULL;
 	return _cairo_error (CAIRO_STATUS_NO_MEMORY);
+    }
 
     extra->target = _cairo_surface_snapshot_get_target (&surface->base);
     status =  _cairo_surface_acquire_source_image (extra->target, image_out, &extra->extra);
     if (unlikely (status)) {
 	cairo_surface_destroy (extra->target);
 	free (extra);
+	extra = NULL;
     }
 
     *extra_out = extra;